SoheilKhodayari / TheThing
TheThing: an open-source tool to detect DOM Clobbering vulnerabilities
☆57 · Oct 25, 2023 · Updated 2 years ago
Alternatives and similar repositories for TheThing
Users that are interested in TheThing are comparing it to the libraries listed below
- DOM Clobbering Wiki, Browser Testing, and Payload Generation · ☆60 · Dec 18, 2025 · Updated last month
- A framework for the detection of COSI vulnerabilities / XS-Leaks · ☆14 · Mar 29, 2023 · Updated 2 years ago
- HTML Universal Identifier · ☆65 · Dec 15, 2024 · Updated last year
- Clickme is a powerful multi-step clickjacking tool designed for security professionals. Create, visualize, and demonstrate complex clickj… · ☆14 · Sep 4, 2025 · Updated 5 months ago
- Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js · ☆75 · Jan 21, 2024 · Updated 2 years ago
- A utility to fetch and display DNS names from the SSL/TLS cert data · ☆16 · Aug 11, 2023 · Updated 2 years ago
- Collection of over 9000 XSS payloads | heavy XSS collection · ☆13 · Dec 6, 2022 · Updated 3 years ago
- NodeJS File Write to RCE on a read-only filesystem using a ROP chain in libuv · ☆37 · Oct 13, 2024 · Updated last year
- A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets. · ☆48 · Aug 31, 2025 · Updated 5 months ago
- JavaScript file change monitoring · ☆17 · Nov 11, 2025 · Updated 3 months ago
- ☆24 · May 21, 2025 · Updated 8 months ago
- ☆17 · May 10, 2021 · Updated 4 years ago
- Burp Suite's extension to scan and crawl Single Page Applications · ☆107 · Apr 14, 2023 · Updated 2 years ago
- CLI tools using Harpoon features · ☆24 · Nov 7, 2023 · Updated 2 years ago
- Unicode characters that will translate a single character to multiple characters in domain names or TLDs · ☆50 · Nov 23, 2024 · Updated last year
- PP-finder helps you find gadgets for prototype pollution exploitation · ☆190 · Aug 8, 2024 · Updated last year
- YuraScanner · ☆73 · Feb 13, 2025 · Updated last year
- CTF writeup and log · ☆48 · Nov 30, 2024 · Updated last year
- Simple Django to show post-exploitation options when server-side template injection (SSTI) is present in app using Django Templates. · ☆24 · Jun 1, 2021 · Updated 4 years ago
- A repo for tools, utils, and wrappers that are too small to put in their own repo. · ☆23 · Mar 18, 2023 · Updated 2 years ago
- jxscout superpowers JavaScript analysis for security researchers · ☆372 · Updated this week
- ☆22 · Dec 1, 2025 · Updated 2 months ago
- ☆15 · Sep 21, 2019 · Updated 6 years ago
- A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations. · ☆769 · Dec 9, 2025 · Updated 2 months ago
- ☆23 · Jan 2, 2023 · Updated 3 years ago
- Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! · ☆21 · Aug 25, 2024 · Updated last year
- A nostalgic journey back to the era of retro RPGs with a cyber twist in the theme of Die Hard · ☆31 · Sep 2, 2023 · Updated 2 years ago
- This Chromium extension aims at supporting the analysis of single sign-on implementations, by offering semi-automated analysis and attac… · ☆29 · Jul 4, 2023 · Updated 2 years ago
- Bug bounty domain manager with validation, exports & Redis storage ✨ · ☆29 · Jun 5, 2025 · Updated 8 months ago
- List of RegEx DoS (ReDoS) CVEs and resources · ☆29 · Feb 6, 2023 · Updated 3 years ago
- CTF challenges I created 🚩 · ☆76 · Dec 26, 2025 · Updated last month
- A powerful bash script for massive XSS scanning leveraging Brute Logic's KNOXSS API · ☆75 · Jan 24, 2025 · Updated last year
- ObjLupAnsys is a tool to detect prototype pollution vulnerabilities in Node.js packages. This project is written in Python and JavaScript… · ☆26 · Nov 30, 2021 · Updated 4 years ago
- Testability Pattern Catalogs for SAST · ☆32 · Feb 18, 2025 · Updated 11 months ago
- CVE-2023-6063 (WP Fastest Cache < 1.2.2 - UnAuth SQL Injection) · ☆29 · Nov 15, 2023 · Updated 2 years ago
- Prototype Pollution and useful Script Gadgets · ☆1,581 · Jan 27, 2024 · Updated 2 years ago
- ☆35 · Oct 29, 2021 · Updated 4 years ago
- AssetViz simplifies the visualization of subdomains from input files, presenting them as a coherent mind map. Ideal for penetration test… · ☆37 · Apr 2, 2024 · Updated last year
- Prototype Pollution exploits collection · ☆37 · Aug 8, 2021 · Updated 4 years ago